Is Malware Targeting Norton???

Discussion in 'other anti-virus software' started by kdcdq, Apr 1, 2012.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    I admit that my knowledge of all this is miniscule compared to almost everyone here. But what I do know is that I have never had an infection. I always run MBAM alongside my AV, which is currently Norton IS.

    Maybe I don't need MBAM, but I am not going to ditch it, and learn the hard way.

    Regards,
    Jerry
     
  2. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Instead of giving a vague list of type of infections name the ones that have bypassed Norton on every machine you have cleaned recently,the tools used to clean should have generated a logfile which would have included the name(or that vendors name) for the infections found,I haven't noticed a greater number of machines that have malware running Norton compared to other vendors products coming through our doors,perhaps everybody round where you are uses Norton:-may have been a local special offer on it:D
    Most infected machines we see are running no anti-malware products or have expired/out of date ones
     
  3. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    There's many other things to consider. While I would have the knowledge to use a similar solution as you do, I don't. Instead I'm running one of these biggest rip-offs ever (although heavily customized to my liking via settings). Why? What you use simply seems like too much trouble. I've never got infected with a suite, despite not even using sandboxing at all. I rarely ever even encounter malware, and all those that I've encountered have got either detected by the AV or auto-blocked by a HIPS or BB component of some suite. Since I don't seem to get infected by simply keeping everything up-to-date, running a suite with an admin account, and being aware of not clicking on all links I see, I don't see the reason why I should be wasting time recovering downloaded files from sandboxes. Instead I can use my system without spending time with my security software all the time, and I can focus on actually working.

    Some people I know are just running Windows 7 Firewall behind a router, and they've also got never infected. What one really needs or wants from security depends a lot on the user.
    Inevitably? That sounds like a scare tactic I've read a lot of these "biggest rip-offs" have been using. I'm rather sure most people will never get really infected by following normal security practices and by running an AV. From what I've seen, those who get infected have usually done something wrong like turned off automatic updates, run an out-of-date AV, or downloaded malware manually (usually by trying to circumvent some copy protection system).
     
  4. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    815
    Location:
    A Non-Sh*thole State
    Several of the infected machines were running expired 2010 and 2011 versions of Norton, so their malware definitions were not current. Several were running the same versions of Norton WITH current subscriptions. The machines running Norton 2012 had only minor adware and spyware infections.

    It is not my intention to try and throw Symantec under the bus. It just surprised me to see so many Norton-based systems with active malware on them in a short period of time.
     
  5. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    830
    Location:
    Ireland
  6. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    It might just be due to the popularity of the product. Once you step outside of this forum it is very likely that an average user will be running it, in many cases because it is the only product they have heard of. I know of many non-technical people that have Norton set up with auto renewal.
     
  7. Atul88

    Atul88 Registered Member

    Joined:
    Dec 8, 2011
    Posts:
    259
    Location:
    India
    lol..that made me laugh
    Few days ago i went to a Computer shop, which is well known in our Area
    Me: Do u have a boxed version of ESET ??
    Vendor: U r pronouncing it wrong Boy!!! its ESCAN.
    Me:o_O . :mad: I am Talking about ESET Smart Security
    Vendor: what is that??o_O o_O
    The only AV they know here are Kaspersky, Escan, norton & McAfee!!!
     
  8. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    570
    I have norton internet security 2012 in one of my systems. It is sparingly used. Everytime I turned on that system norton was disabled since it was unable to verify my subscription status. I had to manually check the subscription status to enable norton:( It might be one of the reasons for a system to get infected.
     
  9. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    why was it disabled?its not normal behaviour for that product,was it disabled or were you getting an at risk warning due to out of date bases?
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    I used NIS on all of my home systems for years and many of my customers do as well. I haven't seen a recurring problem with being unable to verify the subscription so I have to think that's an anomaly.

    As to machines staying infected while running fully updated NIS clearly there's a problem. Sometimes NIS simply can't remove an infection - for example the zeroaccess rootkit (they claim that's fixed now). If there's even one serious malware on a machine, such as a rootkit, then the security software (any software) may be compromised even though it appears to be working properly.
     
  11. asd3332_shh

    asd3332_shh Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    1
    I visited a client of ours today because they claimed they see strange antivirus messages. What they actually were fake antivirus messages.
    They had Norton Internet Security updated some days ago but disabled and not working. It seems the malware has disabled it.
    *

    I forgot - Norton was version 2012 and Windows was fully updated (by Microsoft Update) . It missed only some driver for the mousepad
     
    Last edited by a moderator: Apr 3, 2012
  12. Legendkiller

    Legendkiller Registered Member

    Joined:
    Jun 29, 2006
    Posts:
    1,053
    With no offence intended to anyone........i get amazed at how many tools people use for protection of their pc. have a look at "my security setup" topic.

    Like many people have said here.....a lot depends on the end-user. I for as long as i remember have never gone for more than either of a AV or IS and i have never been infected apart from my own wrong doings.

    In fact in last few years Companies have taken up additional tools like anti-phishing/blocking known bad pages, monitoring downloads etc etc.
     
  13. tekkaman

    tekkaman Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    196

    This is true. I never had any problems with Avast. But my clients do. I'll give you an example. I replace the motherboard of a client and install everything again and left the computer ready to use for a client. I installed Office, Ashampoo Burning Studio Free, 7Zip, Avast, and other software and explained him how to use it. Months later he comes back saying the computer is messed up again. When I check I see the computer is full of spyware and adware. Some software called PC Performance that said the computer has tons of errors and many other junk software. When I traced back the origin of some of them. They came bundled with some "FREE" software. A burning aplication and an archive tool similar to winrar. And I'm still thinking now why the hell did he installed those when I left the computer with good and clean software ? Why could he not use Ashampoo or 7zip ? I'll have to ask him. -_-

    That being said. Antivirus detect viruses. But their adware and spyware detection is NEVER on par with a dedicated application. And will keep detecting less as AV's keep making association with toolbar companies and spyware browsers like Chrome. Pay me and I don't include you in the list :p Some antispyware companies are acting that way as well. Now you see companies that used to claim that they detect ALL SPYWARE now they leave most toolbars intact specially Ask and other well known toolbars.
     
  14. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    most of the time no matter what you tell them they install whatever junk they want to anyway then come back and say its messed up i see this all the time. its like in one ear and out the other with many of them...
     
  15. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    tekkaman and zfactor, i totally agree :thumb: Would be excelent if there was any antimalware able to block those. However the problem is that the user consent (agreeing with the EULA or leving the optional checkboxes marked), without really knowing, in the install of those toolbars and crapware, and so AV's cant target them.

    Just take a look at this thread:
    http://forums.malwarebytes.org/index.php?showtopic=18938

    Just a part of it:

    Poster
    "I was wondering if Malwarebytes Anti-Malware is able to detect and remove Opencandy (www.opencandy.com). I find this kind of adware extremely annoying as it gets installed silently along with an increasing number of legitimate applications "

    Answer from Bruce Harrison, Malwarebytes Vice President of Research:
    "Get me a link to anything that installs this without a EULA and/or a checkbox , without those we cant target this ."

    One of the rares antimalwares i see doing a reasonable job cleaning those softwares and/or their leftovers is Spybot S&D, maybe because of the disclaimer they show before the scan. If there are any others please let me know!
     
    Last edited: Apr 4, 2012
  16. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    This is WSF.
    'Ideal' security software setups are somewhat of a hobby for a lot of members.
    Go to a car engine discussion forum, check the 'my tweaked car engine setup' and see how many folks drive with a 'pretty much vanilla' engine and how many forum members regularly change A/B to optimize X/Y. :p
     
  17. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    I've never been infected either since I started using computers around 1998.
     
  18. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    Ditto! Kaspersky FTW
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.